back to article UK police cuff suspect over VTech toy hack

An unnamed UK man has been arrested on suspicion of hacking toymaker VTech. Officers from the South East Regional Organised Crime Unit (SEROCU) said they'd arrested a 21-year-old in Bracknell, Berkshire as part of an investigation of the hacking of applications belonging to VTech. The suspect was arrested on suspicion of …

  1. Guus Leeuw

    Dear Sir,

    If the perpetrator did do anything harmful with the data, other than gaining access to it, then sure use the Computer Misuse Act against him/her.

    At any rate, and based on VTech's apparent statement, make sure the Computer Misuse Act is used against VTech. All the way from the top to the idiot who decided that security was too expensive...

    Regards,

    Guus

    1. Matt Bryant Silver badge
      Facepalm

      Re: Guus Leeuw

      "....make sure the Computer Misuse Act is used against VTech...." Sure, but that would be pointless as the Act mentioned regards unauthorised intrusion, not poor IT security, so VTech would walk away untouched. What are required are legally-enforced corporate laws for minimum levels of IT security, including regular penetration testing, across the EU. I'm sure it will have the security insultants salivating at the idea but it really is long overdue, and I also predict some companies will work round it by siting their IT overseas where there would be no requirement to meet the law's standard. Maybe as part of the law they could include that companies have to display their compliance notification on their websites. For too long the EU's debate on IT security has been fixated on people's rights (and the politicised ranting against the US) and has ignored the legal punishment of those that don't secure data in the EU.

  2. Crisp
    Flame

    The real question is why hasn't anyone at VTech been arrested?

    Adding my voice to what Guus has said above;

    Why aren't VTech being held accountable for this? They've not lost anything trivial like their customers bank details or their credit card information. They've practically left the door open for hackers to walk off with the unencrypted details of over 6,370,000 children.

    Craig Jones advising consumers to follow cyber-security advice is a poor sop to angry parents that have done nothing wrong and are quite rightly concerned that their children's details are out there on the internet and available to people that might not have their childrens best interests at heart.

    You can follow all the cyber-security advice you like, but it will do you no good if they company storing your data gets breached.

    What are the parents of these 6,370,000 children supposed to do? Move house and change all their phones? What deterrent will be put in place to remind companies that our data is valuable to us and will cause us a material harm if it is not kept safe?

    1. deive

      Re: The real question is why hasn't anyone at VTech been arrested?

      Too bloody right!

      And it needs to be VTech board members held accountable - not a VW "it was a rouge engineer wot done it".

      They are the ones who have taken all the profit and not secured their products - they are the ones who have to take responsability..

      1. Ben Tasker Silver badge

        Re: The real question is why hasn't anyone at VTech been arrested?

        Agreed. This news sounds more like a case of shooting the messenger rather than dealing with the twatspanners who thought playing fast and loose with their customer's data was an acceptable thing to do.

        As other poster's have said, we need to start going to the top and targeting the champagne guzzling C suites who view security as a cost centre which can be cut/ignored to boost profits.

    2. Cynic_999 Silver badge

      Re: The real question is why hasn't anyone at VTech been arrested?

      I really cannot think of what harm a person could do with the sort of details of those 6,370,000 children that would be held on VTech's system. What sort of nefarious activities did you have in mind?

      1. deive

        Re: The real question is why hasn't anyone at VTech been arrested?

        How about targeted info on kiddies near peados that can use the info as a way to start grooming? I know, I know THINK OF THE CHILDREN and all that, but I do think this is a real concern in this case (rather than the usual trying to reduce our rights kind of thing!)

        Also for the DS own voters, not sure what they have to day against it as the haven't commented (maybe they are the ones scimping on their customers security??) http://www.dft.gov.uk/vca/data-protection-act-guidance-on-compliance.asp clearly states "kept secure against unlawful or unauthorised processing, or accidental loss or erasure"

        Clearly VTech have not complied as these products have proved to be totally unsecured in all ways!

        1. John Brown (no body) Silver badge

          Re: The real question is why hasn't anyone at VTech been arrested?

          "Clearly VTech have not complied as these products have proved to be totally unsecured in all ways!"

          It's possible, and I could be wrong about this, please correct me if I am, but it may be that the relevant law to apply is one in the jurisdiction where VTec is based, and/or where the servers are, which I believe is Hong Kong currently a part of the Peoples Republic of China.

          I'm not sure if VTech have a physical presence anywhere in the EU (or the other affected nations) so the only possible laws that may apply are those relating to EU citizens data being exported. But this might not apply for "direct to site" data as compared to data gathered and stored in the EU by an EU company, then exported. This is a major part of what the "safe harbour" kerfuffle is about.

          1. Allan George Dyer Silver badge

            Re: The real question is why hasn't anyone at VTech been arrested?

            @John Brown (no body) "I believe is Hong Kong currently a part of the Peoples Republic of China."

            The Hong Kong Privacy Commissioner for Personal Data is investigating. Personally, I think HK's DP laws are a bit toothless (enforcement notice for first offence, don't do it again...) but at least the Commission is trying.

      2. DaveyBoy

        Re: The real question is why hasn't anyone at VTech been arrested?

        It is not just what they could do now but what they could do with those identities in the future. They have a set of mostly immutable information that could, probably, be used to commit all sorts of identity theft in a few years...

        I'm also disgusted that the talk talk hack was mainstream news for, well, not a lot whereas this hack which exposed *childrens* personal details barely made the tech news.

        My wife works in a school, and I asked her to bring it to the head teachers attention, and then hopefully the local education authority... Their lack of understanding was almost embarrassing... Now, if a child had been in physical danger they might have understood.

        Thankfully my child was not exposed but a lot were. Including children of teachers at the school my wife works at! And they thought the email from vtech was a phishing scam!

      3. Allan George Dyer Silver badge

        Re: The real question is why hasn't anyone at VTech been arrested?

        @Cynic_999 - how about custody battles and violent parents? Some children are "at risk" for particular reasons, so a toy revealing their location is a big concern.

  3. Anonymous Coward
    Anonymous Coward

    Lock the blaggard in a cell for 5 years with only a "Vtech ABC Spell with Me" for company.

    1. Mark 85 Silver badge

      Shucks, I hoping he'd get a Vtech board member for company. Oh well... if wishes were fishes....

  4. Youngone Silver badge
    FAIL

    Goodness, That photo!

    I thought there might already be a comment about the awful promotional photo at the top of the article.

    I'm assuming it's from v-tech and is probably an indication of the quality of their products.

    Those poor children look as if they've been drugged.

    1. Anonymous Coward
      Anonymous Coward

      Re: Goodness, That photo!

      Not drugged. Just American

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020